The goal of the multi-institutional research is to develop a system of "situational awareness," which can automatically identify attacks on the Internet, assess the potential damage of attacks, identify responses, and predict future threats. A particular interest will be creating techniques and tools for addressing state-sponsored attacks.

"Every kind of information you can think of--including state secrets--exists on a computer somewhere," said Richard Kemmerer, professor of computer science. "Unless that computer is locked up with no connection to the outside world, there's a chance of that information getting compromised." Kemmerer is one of the UC Santa Barbara group's core faculty members on the project.

The research team has set several initiatives for its security research:

Techniques for analyzing network activity automatically to obtain a real-time view of how the network is being used;

Analysis techniques for extracting relationships in the network;

Development of two frameworks: one to identify the targets of cyber attacks and estimate the impact of a successful attack, and the other to provide an easy-to-understand view of the network's status and to learn about attacks while they're happening; and

Creation of models of adversary behavior to help predict the effects of future attacks.

The UC Santa Barbara team made headlines when it took control of Torpig, a major botnet that had control of 180,000 Windows computers, primarily in the United States and Europe. The takeover, which lasted for 10 days in early 2009, allowed the researchers to monitor the botnet's collection of 70 GB of data, including information from online bank accounts, credit and debit card accounts, and e-mail accounts. The researchers collaborated with the FBI and other law enforcement agencies, as well as with the banks and financial institutions involved, to notify the owners of the compromised accounts.